| 2016-12-07 12:21:17 |
James Page |
bug |
|
|
added bug |
| 2016-12-07 12:21:47 |
James Page |
bug task added |
|
charm-lxd |
|
| 2016-12-07 12:21:53 |
James Page |
charm-lxd: status |
New |
Triaged |
|
| 2016-12-07 12:23:16 |
James Page |
nova-lxd (Ubuntu): importance |
Undecided |
High |
|
| 2016-12-07 12:23:18 |
James Page |
charm-lxd: importance |
Undecided |
High |
|
| 2016-12-07 12:23:54 |
James Page |
charm-lxd: assignee |
|
James Page (james-page) |
|
| 2016-12-07 12:23:57 |
James Page |
charm-lxd: status |
Triaged |
In Progress |
|
| 2016-12-07 12:24:16 |
James Page |
nominated for series |
|
Ubuntu Zesty |
|
| 2016-12-07 12:24:16 |
James Page |
bug task added |
|
nova-lxd (Ubuntu Zesty) |
|
| 2016-12-07 12:24:16 |
James Page |
nominated for series |
|
Ubuntu Xenial |
|
| 2016-12-07 12:24:16 |
James Page |
bug task added |
|
nova-lxd (Ubuntu Xenial) |
|
| 2016-12-07 12:24:16 |
James Page |
nominated for series |
|
Ubuntu Yakkety |
|
| 2016-12-07 12:24:16 |
James Page |
bug task added |
|
nova-lxd (Ubuntu Yakkety) |
|
| 2016-12-07 12:24:34 |
James Page |
bug task added |
|
cloud-archive |
|
| 2016-12-07 12:24:45 |
James Page |
nominated for series |
|
cloud-archive/ocata |
|
| 2016-12-07 12:24:45 |
James Page |
bug task added |
|
cloud-archive/ocata |
|
| 2016-12-07 12:24:45 |
James Page |
nominated for series |
|
cloud-archive/mitaka |
|
| 2016-12-07 12:24:45 |
James Page |
bug task added |
|
cloud-archive/mitaka |
|
| 2016-12-07 12:24:45 |
James Page |
nominated for series |
|
cloud-archive/newton |
|
| 2016-12-07 12:24:45 |
James Page |
bug task added |
|
cloud-archive/newton |
|
| 2016-12-07 13:54:44 |
James Page |
bug task added |
|
nova-lxd |
|
| 2016-12-07 15:45:18 |
OpenStack Infra |
cloud-archive/mitaka: status |
New |
Fix Committed |
|
| 2016-12-07 15:51:33 |
OpenStack Infra |
cloud-archive/newton: status |
New |
Fix Committed |
|
| 2016-12-07 15:58:32 |
OpenStack Infra |
charm-lxd: status |
In Progress |
Fix Committed |
|
| 2016-12-07 16:05:00 |
James Page |
nova-lxd: status |
New |
In Progress |
|
| 2016-12-07 16:05:00 |
James Page |
nova-lxd: assignee |
|
James Page (james-page) |
|
| 2016-12-07 16:05:18 |
James Page |
nova-lxd: importance |
Undecided |
High |
|
| 2016-12-15 10:55:11 |
James Page |
nova-lxd (Ubuntu Xenial): status |
New |
Triaged |
|
| 2016-12-15 10:55:21 |
James Page |
nova-lxd (Ubuntu Yakkety): status |
New |
Triaged |
|
| 2016-12-15 10:55:31 |
James Page |
nova-lxd (Ubuntu Zesty): status |
New |
Triaged |
|
| 2016-12-15 10:57:48 |
James Page |
nova-lxd: status |
In Progress |
Fix Released |
|
| 2016-12-15 10:58:03 |
James Page |
charm-lxd: status |
Fix Committed |
Fix Released |
|
| 2016-12-15 10:58:32 |
James Page |
cloud-archive/mitaka: status |
Fix Committed |
Triaged |
|
| 2016-12-15 10:58:42 |
James Page |
cloud-archive/newton: status |
Fix Committed |
Triaged |
|
| 2016-12-15 10:58:52 |
James Page |
cloud-archive/ocata: status |
New |
Triaged |
|
| 2016-12-15 11:01:29 |
James Page |
description |
LXD 2.0.6 supports use of distinct sub-uid/gid for each running container; nova-lxd has support for this upstream in all stable and master branches so we should update nova-lxd in >= Xenial to support this feature. |
[Impact]
By default, all LXD containers will run with the same subuid/subgid range, which means that if a single container is compromised, all containers on the same host are potentially compromised as well.
[Test Case]
deploy a nova-lxd based openstack cloud
boot multiple instances
they all share the same uid/gid mapping within a host
boot multiple instances with a flavor property of lxd:isolated
all containers have different uid/gid mappings within a host
[Regression Potential]
Minimal in nova-lxd itself; we're just adding an additional extra-spec and tweaking the container profile if the underlying LXD daemon supports the isolation feature.
[Original Bug Report]
LXD 2.0.6 supports use of distinct sub-uid/gid for each running container; nova-lxd has support for this upstream in all stable and master branches so we should update nova-lxd in >= Xenial to support this feature. |
|
| 2016-12-15 11:01:36 |
James Page |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2016-12-15 11:18:42 |
James Page |
nova-lxd (Ubuntu Yakkety): importance |
Undecided |
High |
|
| 2016-12-15 11:18:52 |
James Page |
nova-lxd (Ubuntu Xenial): importance |
Undecided |
High |
|
| 2016-12-15 11:19:08 |
James Page |
nova-lxd (Ubuntu Zesty): status |
Triaged |
In Progress |
|
| 2016-12-15 11:19:17 |
James Page |
nova-lxd (Ubuntu Yakkety): status |
Triaged |
In Progress |
|
| 2016-12-15 11:19:26 |
James Page |
nova-lxd (Ubuntu Xenial): status |
Triaged |
In Progress |
|
| 2016-12-15 11:30:27 |
James Page |
nova-lxd (Ubuntu Zesty): assignee |
|
James Page (james-page) |
|
| 2016-12-15 14:46:44 |
Launchpad Janitor |
nova-lxd (Ubuntu Zesty): status |
In Progress |
Fix Released |
|
| 2017-01-05 20:11:26 |
Corey Bryant |
cloud-archive/mitaka: importance |
Undecided |
High |
|
| 2017-01-05 20:11:35 |
Corey Bryant |
cloud-archive/newton: importance |
Undecided |
High |
|
| 2017-01-05 20:11:45 |
Corey Bryant |
cloud-archive/ocata: importance |
Undecided |
High |
|
| 2017-01-06 00:12:45 |
Brian Murray |
nova-lxd (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2017-01-06 00:12:50 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2017-01-06 00:12:55 |
Brian Murray |
tags |
|
verification-needed |
|
| 2017-01-17 11:46:49 |
James Page |
tags |
verification-needed |
verification-done |
|
| 2017-01-17 13:25:18 |
James Page |
cloud-archive: status |
Triaged |
Fix Committed |
|
| 2017-01-18 12:48:14 |
Robie Basak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2017-01-18 12:58:17 |
Launchpad Janitor |
nova-lxd (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2017-01-26 13:36:11 |
James Page |
cloud-archive: status |
Fix Committed |
Fix Released |
|
| 2017-02-01 14:40:51 |
Ryan Beisner |
cloud-archive/mitaka: status |
Triaged |
Fix Committed |
|
| 2017-02-01 14:40:53 |
Ryan Beisner |
tags |
verification-done |
verification-done verification-mitaka-needed |
|
| 2017-02-08 07:51:36 |
Andy Whitcroft |
nova-lxd (Ubuntu Yakkety): status |
In Progress |
Fix Committed |
|
| 2017-02-08 07:51:40 |
Andy Whitcroft |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2017-02-08 07:51:48 |
Andy Whitcroft |
tags |
verification-done verification-mitaka-needed |
verification-mitaka-needed |
|
| 2017-02-08 07:51:49 |
Andy Whitcroft |
tags |
verification-mitaka-needed |
verification-mitaka-needed verification-needed |
|
| 2017-02-08 11:19:16 |
James Page |
cloud-archive/newton: status |
Triaged |
Fix Committed |
|
| 2017-02-08 11:19:18 |
James Page |
tags |
verification-mitaka-needed verification-needed |
verification-mitaka-needed verification-needed verification-newton-needed |
|
| 2017-02-08 12:07:49 |
James Page |
tags |
verification-mitaka-needed verification-needed verification-newton-needed |
verification-done verification-mitaka-needed verification-newton-needed |
|
| 2017-02-16 19:10:53 |
Launchpad Janitor |
nova-lxd (Ubuntu Yakkety): status |
Fix Committed |
Fix Released |
|
